RSA: The fundamental challenge of security versus privacy

A fundamental tension exists in balancing individual privacy rights and the collective right to security, Gary McGraw, CTO of application security vendor Cigital, said at the RSA Conference on Tuesday.

McGraw moderated a session called “Surveillance: Security, Privacy and Risk” in which panelists discussed the challenges of balancing the effort to scrutinize terrorist communications while preserving the privacy of innocent individuals. In addition, panelists debated the effectiveness of surveillance efforts within and outside the country by commercial and government sectors. Panelist Alexander Joel, a civil liberties protection advocate, said that the government does a good job of balancing privacy and security challenges.

Joel added that the Foreign Intelligence Surveillance Act (FISA) created a framework outlining when government entities must get a court order to conduct surveillance. It also mandates the protections that entities must follow when carrying out surveillance. Compliance assessments occur twice a year and are submitted to Congress.

“When you do something under FISA, you achieve a good balance,” Joel said.

He added that all three branches of government are involved in surveillance activities and having it that way creates a “gold standard of intelligence.”

Panelist Matt Blaze, professor of computer science at the University of Pennsylvania, said that government surveillance efforts have historically been very secretive, to their disadvantage. In addition, there have been other government surveillance efforts which have led to “overcollection” of data, resulting in questions about the legality of such efforts, Blaze said.

“We need to think long and hard about what is actually a secret, because sunlight works really well and there's a tendency to hide,” Blaze said.

“When surveillance is something that's behind closed doors we lose some of those checks on discretion,” Mulligan said.

Having worked on both the public and private side of the spectrum, panelist Rebecca Bace, president, Infidel, said that commercial surveillance activities have made her “shudder” more than those she has known within the government. If nothing else, at least the government must comply with surveillance mandates such as FISA, Bace said.

Bace brought up other questions relating to this issue – who actually makes government privacy decisions? And, when privacy violations occur, who is accountable?

Blaze said that technology used to carry out surveillance efforts must be scrutinized, along with the policies that are followed. Mulligan questioned the effectiveness of government surveillance efforts.

“On the front end, when deploying and debating a system you don't just say, ‘we are going to get the bad guys, we are going to use this to make us more secure,’” Mulligan said.

Mulligan said that first, you need to make sure the technology works. It must be determined scientifically how it will make us more secure.

Blaze said that whether technology works right is not a partisan issue. But Mulligan said she thinks the Obama administration will begin looking more critically at whether surveillance efforts are yielding the success they should.
